Lucene search
1561 matches found

Ubuntu
added 2023/11/29 1:34 p.m. | 56 views

USN-6522-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2022-41877 It was...

CVSS 9.8 | AI score 7.5 | EPSS 0.01529
Exploits: 2

OSV
added 2023/11/29 1:34 p.m. | 0 views

USN-6522-1 freerdp2 vulnerabilities

It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2022-41877 It was...

CVSS 9.8 | AI score 7.1 | EPSS 0.01529
Exploits: 2 | References: 4

CNNVD
added 2023/11/27 12:0 a.m. | 1 views

GIMP Security Vulnerabilities

GIMP is an open source bitmap image editor from the GIMP team. A security vulnerability exists in GIMP: opening incorrectly formatted DDS, PSD, and PSP files could result in a denial of service or execution of arbitrary code...

CVSS 7.8 | AI score 7 | EPSS 0.56404
Exploits: 0 | References: 6

CNNVD
added 2023/11/27 12:0 a.m. | 1 views

GIMP Security Vulnerabilities

GIMP is an open source bitmap image editor from the GIMP team. A security vulnerability exists in GIMP: opening incorrectly formatted DDS, PSD, and PSP files could result in a denial of service or execution of arbitrary code...

CVSS 7.8 | AI score 7 | EPSS 0.93007
Exploits: 0 | References: 6

Trend Micro Simply Security
added 2023/11/27 12:0 a.m. | 9 views

Modern Attack Surface Management for Cloud Teams

Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what cloud teams need to look for in an ASM solution...

AI score 7.4
Exploits: 0

CNNVD
added 2023/11/27 12:0 a.m. | 2 views

GIMP Security Vulnerabilities

GIMP is an open source bitmap image editor from the GIMP team. A security vulnerability exists in GIMP: opening incorrectly formatted DDS, PSD, and PSP files could result in a denial of service or execution of arbitrary code...

CVSS 7.8 | AI score 7 | EPSS 0.61427
Exploits: 0 | References: 6

Prion
added 2023/11/21 8:15 p.m. | 11 views

Authentication flaw

SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 5 | AI score 6.8 | EPSS 0.03002
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/11/21 7:32 p.m. | 27 views

CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled

SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 3.1 | AI score 5.4 | EPSS 0.03002
Exploits: 1 | References: 3

Rapid7 Blog
added 2023/11/21 3:30 p.m. | 16 views

When Maximum Effort Doesn't Equate to Maximum Results

It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, to say nothing of the increased budget scrutiny and constrained staff resources that continue to plague cybersecurity practitioners. The trick is...

AI score 7.4
Exploits: 0

Trend Micro Simply Security
added 2023/11/21 12:0 a.m. | 5 views

Accelerating Security Risk Management

In response to the expanding attack surface, Mike Milner, Trend Micro VP of Cloud Technology, explores the role security risk management plays in this new era of cybersecurity and how IT leaders are accelerating innovation...

AI score 7.5
Exploits: 0

Tenable Nessus
added 2023/11/21 12:0 a.m. | 27 views

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6503-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6503-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local...

CVSS 7.8 | AI score 7.4 | EPSS 0.0047
Exploits: 0 | References: 6

The Hacker News
added 2023/11/20 11:2 a.m. | 34 views

Why Defenders Should Embrace a Hacker Mindset

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have intern...

AI score 7.5
Exploits: 0

OSV
added 2023/11/15 12:0 a.m. | 0 views

UBUNTU-CVE-2023-44441

GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVSS 7.8 | AI score 7.6 | EPSS 0.27307
Exploits: 0 | References: 9

RedHat Linux
added 2023/11/14 3:46 p.m. | 1 views

kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies

A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could caus...

CVSS 5.5 | AI score 7.4 | EPSS 0.00146
Exploits: 0 | References: 5

The Hacker News
added 2023/11/14 11:56 a.m. | 48 views

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are...

AI score 7.2
Exploits: 0

Qualys Blog
added 2023/11/09 7:14 p.m. | 19 views

De-risking in Practice: How Qualys Customers are Driving Value in Their Organizations

As the threat landscape continues to grow in complexity, it has become more important than ever for the modern enterprise to measure, communicate, and eliminate cyber risk with efficiency. What does that mean in practice? Over the last two days, during the 2023 Qualys Security Conference (QSC) taki...

AI score 7.6
Exploits: 0

Qualys Blog
added 2023/11/08 3:33 p.m. | 11 views

Cybersecurity at a Crossroads: New Implications on Business Risk

During our 2023 Qualys Security Conference (QSC) taking place in Orlando, Florida, November 6-9, 2023, I unveiled an exciting new milestone for the company – the release of our new Qualys Enterprise TruRisk Platform, marking a seismic shift for the future of Qualys as a leader in managing and...

AI score 7.5
Exploits: 0

RedHat Linux
added 2023/11/07 9:3 a.m. | 3 views

kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies

A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could caus...

CVSS 5.5 | AI score 7.4 | EPSS 0.00146
Exploits: 0 | References: 5

Microsoft CVE
added 2023/11/03 7:0 a.m. | 2 views

Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

...

CVSS 7.8 | AI score 7 | EPSS 0.00282
Exploits: 0

NVD
added 2023/11/01 3:15 a.m. | 13 views

CVE-2023-5516

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical detai...

CVSS 5.3 | AI score 5.3 | EPSS 0.00377
Exploits: 0 | References: 1